AD Group Login fails
tslagter
I've been testing SQL Monitor 5, and just tried changing to AD authentication. I set the service account and ran a test, then set the administrator account to "Domain Admins", a group I am a part of. I keep getting the error below. I tried fixing things by manually adding an explicit user into the ActiveDirectoryPrincipal table as indicated by the docs, but I get the same error.
#mkv: System.DirectoryServices.AccountManagement.PrincipalOperationException was thrown by method Authorisation on service AuthorisationService:
System.DirectoryServices.AccountManagement.PrincipalOperationException: An error (1301) occurred while enumerating the groups. The group's SID could not be resolved.
   at System.DirectoryServices.AccountManagement.SidList.TranslateSids(String target, IntPtr[] pSids)
   at System.DirectoryServices.AccountManagement.SidList..ctor(SID_AND_ATTR[] sidAndAttr)
   at System.DirectoryServices.AccountManagement.AuthZSet..ctor(Byte[] userSid, NetCred credentials, ContextOptions contextOptions, String flatUserAuthority, StoreCtx userStoreCtx, Object userCtxBase)
   at System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOfAZ(Principal p)
   at System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroupsHelper()
   at #cnve.#fnve.#0jBe(String )
   at #cnve.#agBe.Authorisation(String )
Comments
It seems you could be running into the following issue, which will happen if you have SQL Monitor installed on a Windows Server 2008 / 2008 R2 / Win7 / Vista and your Domain Controller is Windows Server 2012 based. It's related to two new security principal SIDs which were introduced in Windows Server 2012. It should be fixed when you download and apply the hot fix from Microsoft onto your Windows Server 2008/2008 R2 / Win7 / Vista machine that has SQL Monitor installed upon it:
https://support.microsoft.com/en-gb/kb/2830145
Or alternatively, you can try installing SQL Monitor on a Windows Server 2012.
Please let us know if this helps resolve the issue!
Kind regards,
Alex
Have you visited our Help Center?
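To check whether the failure comes from the host's SID translation rather than from SQL Monitor itself, the .NET call at the bottom of the stack trace can be run directly on the machine that hosts SQL Monitor. This is an added example, not part of the original thread or of SQL Monitor; the `$UserName` parameter, the output field names and the hotfix ID string (derived from the KB number in the link above) are assumptions.

```powershell
# Added diagnostic, not from the thread. Run on the SQL Monitor host as a domain account.
param(
    [Parameter(Mandatory = $true)][string]$UserName   # account to test (assumed input)
)

Add-Type -AssemblyName System.DirectoryServices.AccountManagement

# Host facts relevant to the answer above: OS version and whether the hotfix is present.
$os     = Get-WmiObject Win32_OperatingSystem
$hotfix = Get-HotFix -Id 'KB2830145' -ErrorAction SilentlyContinue   # ID assumed from the KB link

$result = New-Object PSObject -Property @{
    Host             = $env:COMPUTERNAME
    OS               = "$($os.Caption) ($($os.Version))"
    HotfixInstalled  = [bool]$hotfix
    GroupEnumeration = 'not run'
    ErrorCode        = $null
    GroupCount       = $null
}

$ctxType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$ctx     = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($ctxType)
$user    = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($ctx, $UserName)
if (-not $user) { throw "User '$UserName' not found in the current domain." }

try {
    # Same call that appears in the stack trace (GetAuthorizationGroupsHelper).
    $groups = @($user.GetAuthorizationGroups())
    $result.GroupEnumeration = 'ok'
    $result.GroupCount       = $groups.Count
}
catch {
    # PowerShell wraps .NET exceptions; unwrap one level to reach the original.
    $ex = $_.Exception
    if ($ex -is [System.Management.Automation.MethodInvocationException] -and $ex.InnerException) {
        $ex = $ex.InnerException
    }
    $result.GroupEnumeration = $ex.GetType().FullName
    if ($ex -is [System.DirectoryServices.AccountManagement.PrincipalOperationException]) {
        $result.ErrorCode = $ex.ErrorCode   # 1301 matches the error quoted in the question
    }
}
finally {
    $ctx.Dispose()
}

$result | Format-List Host, OS, HotfixInstalled, GroupEnumeration, ErrorCode, GroupCount
```

A `PrincipalOperationException` with `ErrorCode` 1301 here reproduces the error from the question outside SQL Monitor.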
You can reset the login method with this script on the data repository database
You may also need to restart the SQL Monitor service.
Kind regards,
Alex
Excellent! Please let us know if we can help with anything else!
Kind regards,
Alex
We do have an issue raised for the migrated users with SID history with internal reference SRP-10151 (I see you have a call open related to this). For others on the forum this is different from the issue above that tslagter experienced.
Thanks for sharing your info!
Kind regards,
Alex